A Hidden Bug In The System Puts 21,000 U.K. Students At Risk


A hidden bug found within an information management system may have compromised the data of 21,000 U.K. schools, which are all now at risk of a possible breach. The system's algorithm for matching student records appears to be failing and producing incorrect results when queried. As a result, students were able to access personal information belonging to other students when logging in to the system. School authorities in the U.K. are urgently investigating the source of the bug.

Capita, the company that first developed the customized information management system, clarified, “The consequence of the corruption is that contact information for the incoming pupil, for example, address, telephone number, and email address, may have become associated with other pupil’s records, or the new pupil could themselves be linked to the wrong contact details. The problem could have impacted pre-admission students, pupils currently enrolled, and the records of those who once attended.”

Capita also announced that a newer version of the information management system is already in the pipeline, which the company believes will completely solve the issue. It has also created a more secure program procedure that will prevent any cross-accessing of data between students. “We have identified isolated instances where the contact details of new applicants to a school have merged with those of existing pupils. This has only happened on rare occasions where the first name and surname of a student’s listed contact are an exact match. We have taken immediate steps to fix the software and prevent this from happening again and have also notified other schools on how to identify and rectify any issues. We apologize to schools and parents for any disruption this may cause,” emphasized Capita’s spokesperson.
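The failure mode in Capita's statement, contact records merging when a contact's first name and surname match exactly, is consistent with record linkage keyed on name alone. The sketch below is an added illustration, not Capita's code: the `Contact` layout, the function names and the sample data are assumptions. It shows name-only linking beside a version that requires a second matching attribute.

```python
from dataclasses import dataclass, field

@dataclass
class Contact:
    first_name: str
    surname: str
    address: str
    phone: str
    email: str
    pupil_ids: set = field(default_factory=set)

def name_key(c):
    # Case- and whitespace-insensitive exact name comparison.
    return (c.first_name.strip().lower(), c.surname.strip().lower())

def corroborated(a, b):
    # A name match counts only if a non-empty email or phone also agrees.
    digits = lambda p: "".join(ch for ch in p if ch.isdigit())
    same_email = bool(a.email.strip()) and a.email.strip().lower() == b.email.strip().lower()
    same_phone = bool(digits(a.phone)) and digits(a.phone) == digits(b.phone)
    return same_email or same_phone

def link_by_name_only(existing, incoming, pupil_id):
    # Flawed: an exact first name + surname match is treated as the same person.
    for c in existing:
        if name_key(c) == name_key(incoming):
            c.pupil_ids.add(pupil_id)  # new pupil is now tied to another family's details
            return c
    incoming.pupil_ids.add(pupil_id)
    existing.append(incoming)
    return incoming

def link_with_corroboration(existing, incoming, pupil_id, review_queue):
    # Hardened: merge only corroborated matches; keep namesakes separate and flag them.
    for c in existing:
        if name_key(c) == name_key(incoming):
            if corroborated(c, incoming):
                c.pupil_ids.add(pupil_id)
                return c
            review_queue.append((c.pupil_ids.copy(), pupil_id))
    incoming.pupil_ids.add(pupil_id)
    existing.append(incoming)
    return incoming

def sample():
    # Constructed sample data: two unrelated parents who share a name.
    held = Contact("Sarah", "Jones", "1 Elm Road", "01632 960001", "sarah.j@example.org", {"P001"})
    new = Contact("Sarah", "Jones", "9 Oak Lane", "01632 960002", "s.jones@example.net")
    return [held], new
```

The review queue gives staff a list of namesake pairs to check by hand, which is also a practical way to audit existing records for merges that have already happened.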

Security issues and the resulting exposure of student and faculty privacy in the U.K. school system are nothing new. In February 2018, hackers penetrated a school CCTV system and enabled a public web broadcast. A live video feed of the corridors, playgrounds and even restrooms of St Mary’s Catholic Academy and Highfield Leadership Academy was made publicly viewable.

Spear phishing has also been prevalent in U.K. schools, as fake emails pretending to be from the education department have reached the mailboxes of faculty members, who were asked to provide personal information. Faculty members and other staff were warned not to open any questionable attachments or emails they don’t recognize. Many of these phishing emails are only looking to deliver ransomware which, as we know, will encrypt computer files and hold the data hostage until the user pays to regain the files.

According to Phishing.org, a non-profit organization that helps firms to educate their staff about the dangers of phishing, users need to do the following:

  • Use hardware firewalls.
  • Think before clicking a link.
  • Be wary of random pop-ups.
  • Keep web browsers updated.
  • Use updated Antivirus Software.
  • Install an anti-phishing toolbar if possible.
  • Stay aware of the newest phishing techniques.
  • Regularly evaluate user accounts for evidence of being targeted.
  • Verify the site’s security by checking its certificate before moving forward.
  • Do not provide any personal information unless the destination is verified.

Julia Sowells

Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.
